SSO User Provisioning

Is there an easy way to determine if an email domain is associated with an enterprise SSO connection?

We are currently using a database connection. When we add a new user to our application, we immediately provision that user in Auth0.

We are now giving customers the option to use enterprise SSO. In that case, we don’t want to provision the user when the user is added to our application - we’re using a post-login script to provision the user after their initial login.

My thought is to use the Management API connections endpoint to retrieve all SSO domains at application startup, then ignore provisioning if the user email’s domain is within the domain collection. Is this the best way to accomplish this?

Hi @john.boldt

If you are using home realm discovery, you can do this with the management API:

See the “realms” field in the returned data.

If you are not doing home realm discovery, there is no way to guess if an email belongs to an enterprise connection or is a DB user.

John

2 Likes
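The approach discussed in this thread, sketched as an added example that is not part of the original posts or Auth0's own code: build a domain index from a connections listing and use it to decide whether to provision up front. The connection list is a constructed sample, the function names are hypothetical, the `realms` field is taken from the answer above, and treating strategy `auth0` as the database connection is an assumption.

```javascript
// Constructed sample shaped like a Management API connections listing.
// Connection names and domains are made up for illustration.
const SAMPLE_CONNECTIONS = [
  { name: "Username-Password-Authentication", strategy: "auth0", realms: ["Username-Password-Authentication"] },
  { name: "acme-saml", strategy: "samlp", realms: ["acme.example", "Acme-Corp.example"] },
  { name: "globex-oidc", strategy: "oidc", realms: ["globex.example"] },
];

// Return the lowercased domain of an email, or null if it is malformed.
function emailDomain(email) {
  if (typeof email !== "string") return null;
  const parts = email.trim().split("@");
  if (parts.length !== 2 || !parts[0]) return null;
  const domain = parts[1].toLowerCase().replace(/\.$/, "");
  return /^[a-z0-9.-]+$/.test(domain) ? domain : null;
}

// Map each realm of every non-database connection to its connection name.
// Assumption: strategy "auth0" marks a database connection and is skipped.
function buildSsoDomainIndex(connections) {
  const index = new Map();
  for (const conn of connections) {
    if (conn.strategy === "auth0") continue;
    for (const realm of conn.realms || []) {
      index.set(String(realm).toLowerCase(), conn.name);
    }
  }
  return index;
}

// Decide whether to create the database user now or leave provisioning to
// the post-login script. Matching is exact: no suffix or substring match,
// so look-alike and sub-domains are not treated as SSO domains.
function provisioningDecision(email, index) {
  const domain = emailDomain(email);
  if (domain === null) return { action: "reject", connection: null };
  const connection = index.get(domain) || null;
  return { action: connection ? "defer-to-sso" : "provision-db", connection };
}
```

An index built once at application startup misses enterprise connections added later, so it needs a periodic refresh or a rebuild when a customer enables SSO.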

Thanks for helping on this one John!